OpenStack Hands-On Installation and Deployment

OpenStack Installation and Deployment

I. Basic preparation

Deployment environment: CentOS 7 (64-bit)

1. Stop the local firewall (firewalld) and disable it at boot

<code class="language-bash"># systemctl stop firewalld.service
# systemctl disable firewalld.service</code>

2. Disable SELinux on the local host

<code class="language-bash"># vim /etc/sysconfig/selinux
SELINUX=disabled
# setenforce 0</code>

3. Set the host name

<code class="language-bash"># hostnamectl set-hostname controller</code>

4. Map the local host name to its IP address

<code class="language-bash"># vim /etc/hosts
192.168.0.104 controller</code>

5. Install the ntp time synchronization tool

<code class="language-bash"># yum -y install ntp
# ntpdate asia.pool.ntp.org</code>

6. Install the third-party yum repositories

<code class="language-bash"># yum -y install yum-plugin-priorities
# yum -y install http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-2.noarch.rpm
# yum -y install http://rdo.fedorapeople.org/openstack-juno/rdo-release-juno.rpm</code>

7. Upgrade the system packages and reboot

<code class="language-bash"># yum upgrade
# reboot</code>

II. Install and configure the MariaDB database

1. Install MariaDB

<code class="language-bash"># yum -y install mariadb mariadb-server MySQL-python</code>

2. Configure MariaDB

<code class="language-bash"># cp /etc/my.cnf /etc/my.cnf.bak
# rpm -ql mariadb
# vim /etc/my.cnf.d/server.cnf
[mysqld]
bind-address = 0.0.0.0
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8</code>

3. Start MariaDB

<code class="language-bash"># systemctl enable mariadb.service
# systemctl start mariadb.service</code>

III. Install the message queue service

1. Install the packages required by RabbitMQ

<code class="language-bash"># yum -y install rabbitmq-server</code>

2. Start the RabbitMQ service

<code class="language-bash"># systemctl enable rabbitmq-server.service
# systemctl start rabbitmq-server.service</code>

3. Set the RabbitMQ service password

<code class="language-bash"># rabbitmqctl change_password guest rabbit</code>

IV. Install the keystone user authentication component

1. Create the keystone database and grant user privileges

<code class="language-bash">mysql -u root -p
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';</code>

2. Install the keystone packages

<code class="language-bash"># yum -y install openstack-utils openstack-keystone python-keystoneclient</code>

3. Configure keystone

<code class="language-bash"># cp /etc/keystone/keystone.conf /etc/keystone/keystone.conf.bak
# vim /etc/keystone/keystone.conf
[DEFAULT]
verbose = True

[database]
connection = mysql://keystone:keystone@controller/keystone

[token]
provider = keystone.token.providers.uuid.Provider
driver = keystone.token.persistence.backends.sql.Token</code>

4. Create the certificates and key files

<code class="language-bash"># keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
# chown -R keystone:keystone /var/log/keystone
# chown -R keystone:keystone /etc/keystone/ssl
# chmod -R o-rwx /etc/keystone/ssl</code>

5. Sync the keystone schema to the MariaDB database

<code class="language-bash"># su -s /bin/sh -c "keystone-manage db_sync" keystone</code>

6. Start the keystone service and enable it at boot

<code class="language-bash"># systemctl enable openstack-keystone.service
# systemctl start openstack-keystone.service</code>

7. Purge expired tokens

By default, the Identity service keeps expired tokens in the database indefinitely. The accumulation of expired tokens considerably increases the size of the database and may degrade service performance, particularly in resource-constrained environments. We recommend that you use cron to configure a periodic task that purges expired tokens.

<code class="language-bash"># (crontab -l -u keystone 2>&1 | grep -q token_flush) || \
  echo '@hourly /usr/bin/keystone-manage token_flush >/var/log/keystone/keystone-tokenflush.log 2>&1' \
  >> /var/spool/cron/keystone</code>

----------------------------Create tenants, users, and roles---------------------------------

1. Configure the admin token

<code class="language-bash"># export OS_SERVICE_TOKEN=$(openssl rand -hex 10)
# export OS_SERVICE_ENDPOINT=http://controller:35357/v2.0
# echo $OS_SERVICE_TOKEN > ~/ks_admin_token
# openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token $OS_SERVICE_TOKEN
# service openstack-keystone restart</code>

2. Create the tenant, user, and role

<code class="language-bash">a. Create the admin tenant, user, and role:
# keystone tenant-create --name admin --description "Admin Tenant"
# keystone user-create --name admin --pass admin --email admin@zhengyansheng.com
# keystone role-create --name admin
b. Add the admin tenant and user to the admin role:
# keystone user-role-add --tenant admin --user admin --role admin
c. By default, the dashboard limits access to users with the _member_ role.
# keystone role-create --name _member_
d. Add the admin tenant and user to the _member_ role:
# keystone user-role-add --tenant admin --user admin --role _member_</code>

3. Create an ordinary demo project and user

<code class="language-bash">a. Create the demo tenant:
# keystone tenant-create --name demo --description "Demo Tenant"
b. Create the demo user:
# keystone user-create --name demo --pass demo --email demo@zhengyansheng.com
c. Add the demo tenant and user to the _member_ role:
# keystone user-role-add --tenant demo --user demo --role _member_</code>

4. Create a service project

<code class="language-bash"># keystone tenant-create --name service --description "Service Tenant"</code>

------------------------Create the service entity and API endpoint------------------------

1. Create the service entity for the Identity service:

<code class="language-bash"># keystone service-create --name keystone --type identity --description "OpenStack Identity"</code>

2. Create the API endpoint for the Identity service:

<code class="language-bash"># keystone endpoint-create \
--service-id $(keystone service-list | awk '/ identity / {print $2}') \
--publicurl http://controller:5000/v2.0 \
--internalurl http://controller:5000/v2.0 \
--adminurl http://controller:35357/v2.0 \
--region regionOne</code>

3. View the keystone authentication information

<code class="language-bash">[root@controller ~]# keystone user-list
+----------------------------------+-------+---------+-------------------------+
|                id                |  name | enabled |          email          |
+----------------------------------+-------+---------+-------------------------+
| 7053cfacc4b047dcabe82f6be0e5dc77 | admin |   True  | admin@zhengyansheng.com |
| eea569106329465996e9e09a666838bd |  demo |   True  |  demo@zhengyansheng.com |
+----------------------------------+-------+---------+-------------------------+
[root@controller ~]# keystone tenant-list
+----------------------------------+---------+---------+
|                id                |   name  | enabled |
+----------------------------------+---------+---------+
| 307fd76766eb4b02a28779f4e88717ce |  admin  |   True  |
| f054bd56851b4a318a19233a13e13d31 |   demo  |   True  |
| d865c3b49f6f4bf7b2a0b93e0110e546 | service |   True  |
+----------------------------------+---------+---------+
[root@controller ~]# keystone service-list
+----------------------------------+----------+----------+--------------------+
|                id                |   name   |   type   |    description     |
+----------------------------------+----------+----------+--------------------+
| 9754f7bdf78c4000875f1aa5f3291b19 | keystone | identity | OpenStack Identity |
+----------------------------------+----------+----------+--------------------+
[root@controller ~]# keystone endpoint-list
+----------------------------------+-----------+-----------------------------+-----------------------------+------------------------------+----------------------------------+
|                id                |   region  |          publicurl          |         internalurl         |           adminurl           |            service_id            |
+----------------------------------+-----------+-----------------------------+-----------------------------+------------------------------+----------------------------------+
| 6831d6708fe4469fa653b9b5adf801d9 | regionOne | http://controller:5000/v2.0 | http://controller:5000/v2.0 | http://controller:35357/v2.0 | 9754f7bdf78c4000875f1aa5f3291b19 |
+----------------------------------+-----------+-----------------------------+-----------------------------+------------------------------+----------------------------------+</code>

4. Unset the temporary environment variables

<code class="language-bash"># unset OS_SERVICE_TOKEN
# unset OS_SERVICE_ENDPOINT</code>

5. Authenticate as a user through keystone

<code class="language-bash"># keystone --os-tenant-name admin --os-username admin --os-password admin --os-auth-url http://controller:35357/v2.0 token-get
# keystone --os-tenant-name admin --os-username admin --os-password admin --os-auth-url http://controller:35357/v2.0 tenant-list
# keystone --os-tenant-name admin --os-username admin --os-password admin --os-auth-url http://controller:35357/v2.0 user-list
# keystone --os-tenant-name admin --os-username admin --os-password admin --os-auth-url http://controller:35357/v2.0 role-list</code>

6. Test authentication as the ordinary user demo

<code class="language-bash"># keystone --os-tenant-name demo --os-username demo --os-password demo --os-auth-url http://controller:35357/v2.0 token-get
# keystone --os-tenant-name demo --os-username demo --os-password demo --os-auth-url http://controller:35357/v2.0 user-list
You are not authorized to perform the requested action: admin_required (HTTP 403)</code>

7. Client CLI environment scripts

<code class="language-bash"># vim ~/admin-openrc.sh
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL=http://controller:35357/v2.0</code>

<code class="language-bash"># vim ~/demo-openrc.sh
export OS_TENANT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://controller:5000/v2.0</code>

<code class="language-bash"># source admin-openrc.sh</code>

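8. Test: if authentication through keystone still succeeds after the temporary environment variables have been unset, keystone is configured correctly.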

IV. Install the glance component

1. Create the glance database and grant user privileges

<code class="language-bash">mysql -u root -p
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glance';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';</code>

2. Create the glance user and add it to the admin role

<code class="language-bash"># keystone user-create --name glance --pass glance
# keystone user-role-add --user glance --tenant service --role admin</code>

3. Create the glance service

<code class="language-bash"># keystone service-create --name glance --type image --description "OpenStack Image Service"</code>

4. Create the service access URL (endpoint) for the Image service

<code class="language-bash"># keystone endpoint-create \
--service-id $(keystone service-list | awk '/ image / {print $2}') \
--publicurl http://controller:9292 \
--internalurl http://controller:9292 \
--adminurl http://controller:9292 \
--region regionOne</code>

5. Install the glance packages

<code class="language-bash"># yum -y install openstack-glance python-glanceclient</code>

6. Edit the glance configuration files

<code class="language-bash"># cp /etc/glance/glance-api.conf /etc/glance/glance-api.conf.bak
# vim /etc/glance/glance-api.conf
[DEFAULT]
verbose = True

[database]
connection = mysql://glance:glance@controller/glance

[keystone_authtoken]
auth_uri = http://controller:5000/v2.0
identity_uri = http://controller:35357
admin_tenant_name = service
admin_user = glance
admin_password = glance

[paste_deploy]
flavor = keystone

[glance_store]
default_store = file
filesystem_store_datadir = /var/lib/glance/images/</code>

<code class="language-bash"># cp /etc/glance/glance-registry.conf /etc/glance/glance-registry.conf.bak
# vim /etc/glance/glance-registry.conf
[DEFAULT]
verbose = True

[database]
connection = mysql://glance:glance@controller/glance

[keystone_authtoken]
auth_uri = http://controller:5000/v2.0
identity_uri = http://controller:35357
admin_tenant_name = service
admin_user = glance
admin_password = glance

[paste_deploy]
flavor = keystone</code>

7. Sync the glance schema to the MariaDB database

<code class="language-bash"># su -s /bin/sh -c "glance-manage db_sync" glance</code>

8. Start the services and enable them at boot

<code class="language-bash"># systemctl enable openstack-glance-api.service openstack-glance-registry.service
# systemctl start openstack-glance-api.service openstack-glance-registry.service</code>

9. Download and upload an image

<code class="language-bash"># mkdir /tmp/images
# cd /tmp/images
# wget http://cdn.download.cirros-cloud.net/0.3.3/cirros-0.3.3-x86_64-disk.img
# glance image-create --name "cirros-0.3.3-x86_64" --file cirros-0.3.3-x86_64-disk.img --disk-format qcow2 --container-format bare --is-public True --progress
# glance image-list
# mv /tmp/images /opt</code>

V. Add a compute node

1. Create the nova database and grant user privileges

<code class="language-bash">mysql -u root -p
CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova';</code>

2. Create the nova user, add it to the admin role, and create the compute service

<code class="language-bash"># keystone user-create --name nova --pass nova
# keystone user-role-add --user nova --tenant service --role admin
# keystone service-create --name nova --type compute --description "OpenStack Compute"</code>

3. Create the access URL (endpoint) for the compute service

<code class="language-bash"># keystone endpoint-create \
--service-id $(keystone service-list | awk '/ compute / {print $2}') \
--publicurl http://controller:8774/v2/%\(tenant_id\)s \
--internalurl http://controller:8774/v2/%\(tenant_id\)s \
--adminurl http://controller:8774/v2/%\(tenant_id\)s \
--region regionOne</code>

4. Install the nova packages

<code class="language-bash"># yum -y install openstack-nova-api openstack-nova-cert openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler python-novaclient
# yum -y install openstack-nova-compute sysfsutils</code>

5. Edit the nova configuration file

<code class="language-bash"># cp /etc/nova/nova.conf /etc/nova/nova.conf.bak
# vim /etc/nova/nova.conf
[DEFAULT]
my_ip = controller
vncserver_listen = controller
vncserver_proxyclient_address = controller
verbose = True
rpc_backend = rabbit
rabbit_host = controller
rabbit_password = rabbit
auth_strategy = keystone
vnc_enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = controller
novncproxy_base_url = http://controller:6080/vnc_auto.html

[database]
connection = mysql://nova:nova@controller/nova

[keystone_authtoken]
auth_uri = http://controller:5000/v2.0
identity_uri = http://controller:35357
admin_tenant_name = service
admin_user = nova
admin_password = nova

[glance]
host = controller

[libvirt]
virt_type = qemu</code>

6. Sync the nova schema to the MariaDB database

<code class="language-bash"># su -s /bin/sh -c "nova-manage db sync" nova</code>

7. Start the services and enable them at boot

<code class="language-bash"># systemctl enable openstack-nova-api.service openstack-nova-cert.service \
  openstack-nova-consoleauth.service openstack-nova-scheduler.service \
  openstack-nova-conductor.service openstack-nova-novncproxy.service
# systemctl start openstack-nova-api.service openstack-nova-cert.service \
  openstack-nova-consoleauth.service openstack-nova-scheduler.service \
  openstack-nova-conductor.service openstack-nova-novncproxy.service
# systemctl enable libvirtd.service openstack-nova-compute.service
# systemctl start libvirtd.service
# systemctl start openstack-nova-compute.service
# nova service-list
# nova image-list</code>

VI. Add a network node

1. Create the neutron database and grant user privileges

<code class="language-bash">mysql -u root -p
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';</code>

2. Create the neutron user, add it to the admin role, and create the neutron service

<code class="language-bash"># keystone user-create --name neutron --pass neutron
# keystone user-role-add --user neutron --tenant service --role admin
# keystone service-create --name neutron --type network --description "OpenStack Networking"</code>

3. Create the access URL (endpoint) for neutron

<code class="language-bash"># keystone endpoint-create \
--service-id $(keystone service-list | awk '/ network / {print $2}') \
--publicurl http://controller:9696 \
--internalurl http://controller:9696 \
--adminurl http://controller:9696 \
--region regionOne</code>
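
Each `endpoint-create` step picks its `--service-id` with an awk pattern on the service type, so a pattern or port carried over from another service's step registers the endpoint against the wrong service without any error from keystone. The following added example (not part of the original guide) cross-checks `keystone service-list` and `keystone endpoint-list` output for that mismatch; the function names and sample ids are constructed, and the expected ports are the ones this guide uses.

```shell
#!/bin/sh
# Added example (not from the original guide): cross-check the tables printed by
# "keystone service-list" and "keystone endpoint-list".
# Expected ports are the ones this guide configures for each service type.

check_endpoints() {
    # stdin: service-list output followed by endpoint-list output
    awk -F'|' '
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
    function port_of(url,   rest, c, s) {
        c = index(url, "://"); rest = (c ? substr(url, c + 3) : url)
        s = index(rest, "/");  if (s) rest = substr(rest, 1, s - 1)
        c = index(rest, ":");  return (c ? substr(rest, c + 1) : "")
    }
    BEGIN {
        want["identity"] = "5000"; want["image"] = "9292"
        want["compute"] = "8774";  want["network"] = "9696"
    }
    !/^[ \t]*\|/ { next }                    # skip borders, prompts, blank lines
    {
        for (i = 2; i < NF; i++) col[i] = trim($i)
        if (col[2] == "id") {                # header row: learn the column layout
            kind = ""
            for (i = 2; i < NF; i++) {
                pos[col[i]] = i
                if (col[i] == "type") kind = "service"
                if (col[i] == "service_id") kind = "endpoint"
            }
            next
        }
        if (kind == "service") {
            id = col[pos["id"]]
            type[id] = col[pos["type"]]; name[id] = col[pos["name"]]
        } else if (kind == "endpoint") {
            n++; ep[n] = col[pos["id"]]
            ep_sid[n] = col[pos["service_id"]]; ep_url[n] = col[pos["publicurl"]]
        }
    }
    END {
        for (k = 1; k <= n; k++) {
            sid = ep_sid[k]
            if (!(sid in type)) {
                print "endpoint " ep[k] ": service_id " sid " matches no service"
                continue
            }
            used[sid] = 1; t = type[sid]; p = port_of(ep_url[k])
            if ((t in want) && p != want[t])
                print "endpoint " ep[k] ": " t " service on port " p ", expected " want[t]
        }
        for (sid in type)
            if (!(sid in used))
                print "service " name[sid] " (" type[sid] "): no endpoint registered"
    }'
}

# Constructed sample: the third endpoint was created with the image service id
# and the wrong port, so the network service is left without an endpoint.
sample_listing() {
    cat <<'EOF'
[root@controller ~]# keystone service-list
+------+----------+----------+----------------------+
|  id  |   name   |   type   |     description      |
+------+----------+----------+----------------------+
| s-id | keystone | identity | OpenStack Identity   |
| s-im |  glance  |  image   | OpenStack Image      |
| s-nw | neutron  | network  | OpenStack Networking |
+------+----------+----------+----------------------+
[root@controller ~]# keystone endpoint-list
+------+-----------+-----------------------------+-----------------------------+------------------------------+------------+
|  id  |   region  |          publicurl          |         internalurl         |           adminurl           | service_id |
+------+-----------+-----------------------------+-----------------------------+------------------------------+------------+
| e-01 | regionOne | http://controller:5000/v2.0 | http://controller:5000/v2.0 | http://controller:35357/v2.0 |    s-id    |
| e-02 | regionOne |    http://controller:9292   |    http://controller:9292   |    http://controller:9292    |    s-im    |
| e-03 | regionOne |    http://controller:5672   |    http://controller:5672   |    http://controller:5672    |    s-im    |
+------+-----------+-----------------------------+-----------------------------+------------------------------+------------+
EOF
}

sample_listing | check_endpoints
```

On a live controller the same function reads the real tables: `{ keystone service-list; keystone endpoint-list; } | check_endpoints`.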
 

4. Install the neutron packages

<code class="language-bash"># yum -y install openstack-neutron openstack-neutron-ml2 python-neutronclient which</code>

5. Edit the neutron configuration file

<code class="language-bash"># cp /etc/neutron/neutron.conf /etc/neutron/neutron.conf.bak
# vim /etc/neutron/neutron.conf
[DEFAULT]
rpc_backend = rabbit
rabbit_host = controller
rabbit_password = rabbit
auth_strategy = keystone
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
nova_url = http://controller:8774/v2
nova_admin_auth_url = http://controller:35357/v2.0
nova_region_name = regionOne
nova_admin_username = nova
nova_admin_tenant_id = SERVICE_TENANT_ID
nova_admin_password = nova
verbose = True

[database]
connection = mysql://neutron:neutron@controller/neutron

[keystone_authtoken]
auth_uri = http://controller:5000/v2.0
identity_uri = http://controller:35357
admin_tenant_name = service
admin_user = neutron
admin_password = neutron</code>
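
The configuration files edited in this guide (`keystone.conf`, `glance-api.conf`, `glance-registry.conf`, `nova.conf`, `neutron.conf`) all carry service passwords identical to the account name, and `rabbit_password` is set for RabbitMQ's built-in `guest` account. The following added example, which is not part of the original guide, audits such INI files for those lab-grade settings so they can be replaced before the host is reused; `audit_conf`, `sample_conf` and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): flag lab-grade credentials in an
# OpenStack INI file. audit_conf and sample_conf are names made up for this sketch.

audit_conf() {
    # $1 = label used in the report; the INI text is read from stdin
    awk -v file="$1" '
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
    function check_url(url,   c, rest, at, cred, u, p) {
        # connection = scheme://user:password@host/db
        c = index(url, "://");  if (c == 0) return
        rest = substr(url, c + 3)
        at = index(rest, "@");  if (at == 0) return
        cred = substr(rest, 1, at - 1)
        c = index(cred, ":");   if (c == 0) return
        u = substr(cred, 1, c - 1); p = substr(cred, c + 1)
        if (u == p)
            print file ":" section ": database password equals user name (" u ")"
    }
    function end_section() {
        # per-section checks run once the whole section has been read
        if (user != "" && pass == user)
            print file ":" section ": admin_password equals " userkey " (" user ")"
        if (rabbit_pw != "" && rabbit_user == "")
            print file ":" section ": rabbit_password set, rabbit_userid unset (default guest account)"
        user = ""; pass = ""; userkey = ""; rabbit_pw = ""; rabbit_user = ""
    }
    /^[ \t]*$/ || /^[ \t]*[#;]/ { next }     # blank lines and comments
    /^[ \t]*\[/ {                            # new [section] header
        end_section()
        section = $0
        sub(/^[ \t]*\[/, "", section); sub(/\].*$/, "", section)
        next
    }
    {
        eq = index($0, "=");  if (eq == 0) next
        key = trim(substr($0, 1, eq - 1)); val = trim(substr($0, eq + 1))
        if (key == "connection") check_url(val)
        else if (key == "admin_user" || key == "admin_username") { user = val; userkey = key }
        else if (key == "admin_password") pass = val
        else if (key == "rabbit_password") rabbit_pw = val
        else if (key == "rabbit_userid") rabbit_user = val
    }
    END { end_section() }'
}

# Constructed sample in the shape of the nova.conf from this guide; the
# [neutron] password is a constructed value that differs from the user name.
sample_conf() {
    cat <<'EOF'
[DEFAULT]
rpc_backend = rabbit
rabbit_host = controller
rabbit_password = rabbit

[database]
connection = mysql://nova:nova@controller/nova

[keystone_authtoken]
admin_tenant_name = service
admin_user = nova
admin_password = nova

[neutron]
admin_username = neutron
admin_password = constructed-Distinct-Value-1
EOF
}

sample_conf | audit_conf nova.conf
```

On a real host, run it once per file, for example `audit_conf /etc/nova/nova.conf < /etc/nova/nova.conf`.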
 

6. Test

<code class="language-bash"># keystone tenant-get service</code>

<code class="language-bash"># cp /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugins/ml2/ml2_conf.ini.bak
# vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,gre
tenant_network_types = gre
mechanism_drivers = openvswitch

[ml2_type_gre]
tunnel_id_ranges = 1:1000

[securitygroup]
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver</code>

<code class="language-bash"># vim /etc/nova/nova.conf
[DEFAULT]
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver

[neutron]
url = http://controller:9696
auth_strategy = keystone
admin_auth_url = http://controller:35357/v2.0
admin_tenant_name = service
admin_username = neutron
admin_password = neutron</code>

<code class="language-bash"># ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini</code>

7. Sync the neutron schema to the MariaDB database

<code class="language-bash"># su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade juno" neutron</code>

8. Restart the compute services

<code class="language-bash"># systemctl restart openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service</code>

9. Enable the service at boot and start it

<code class="language-bash"># systemctl enable neutron-server.service
# systemctl start neutron-server.service</code>

10. Check the neutron-server process

<code class="language-bash"># neutron ext-list</code>

11. View the related log information

<code class="language-bash"># tail -f /var/log/neutron/server.log</code>

12. Configure the kernel networking parameters

<code class="language-bash"># cp /etc/sysctl.conf /etc/sysctl.conf.bak
# vim /etc/sysctl.conf
net.ipv4.ip_forward=1
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
# sysctl -p</code>

13. Install the networking component packages

<code class="language-bash"># yum -y install openstack-neutron openstack-neutron-ml2 openstack-neutron-openvswitch</code>

14. Configure the common networking components

<span style="color:#333333"><span style="color:#ffffff !important"><code class="language-bash"># vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2_type_flat]
flat_networks = external

[ovs]
local_ip = INSTANCE_TUNNELS_INTERFACE_IP_ADDRESS
enable_tunneling = True
bridge_mappings = external:br-ex

[agent]
tunnel_types = gre</code></span></span>
 
<span style="color:#333333"><span style="color:#ffffff !important"><code class="language-bash"># cp /etc/neutron/l3_agent.ini /etc/neutron/l3_agent.ini.bak
# vim /etc/neutron/l3_agent.ini
[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
use_namespaces = True
external_network_bridge = br-ex
verbose = True</code></span></span>
 
<span style="color:#333333"><span style="color:#ffffff !important"><code class="language-bash"># cp /etc/neutron/dhcp_agent.ini /etc/neutron/dhcp_agent.ini.bak
# vim /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
use_namespaces = True
verbose = True
dnsmasq_config_file = /etc/neutron/dnsmasq-neutron.conf</code></span></span>
 
<span style="color:#333333"><span style="color:#ffffff !important"><code class="language-bash"># cp /etc/neutron/metadata_agent.ini /etc/neutron/metadata_agent.ini.bak
# vim /etc/neutron/metadata_agent.ini
[DEFAULT]
auth_url = http://controller:5000/v2.0
auth_region = regionOne
admin_tenant_name = service
admin_user = neutron
admin_password = neutron
nova_metadata_ip = controller
metadata_proxy_shared_secret = METADATA_SECRET
verbose = True</code></span></span>
 
<span style="color:#333333"><span style="color:#ffffff !important"><code class="language-bash"># vim /etc/nova/nova.conf
[neutron]
service_metadata_proxy = True
metadata_proxy_shared_secret = METADATA_SECRET</code></span></span>
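
Step 14 writes `METADATA_SECRET` into both `metadata_agent.ini` and `nova.conf` as a placeholder, and the two files must end up holding the same real secret. The script below is an added example, not part of the original post: it generates a random value and checks that both files carry the same non-placeholder secret. The function names, the constructed sample files and the 32-character minimum are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): audit the metadata proxy secret.

# ini_get FILE SECTION KEY -> prints the value of KEY inside [SECTION]
ini_get() {
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*\[/ { gsub(/[ \t]/, ""); insec = ($0 == sec); next }
        insec && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
            if (k == key) {
                v = substr($0, index($0, "=") + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", v)
                print v; exit
            }
        }' "$1"
}

# gen_secret -> 64 hex characters read from the kernel random source
gen_secret() {
    od -An -tx1 -N32 /dev/urandom | tr -d ' \n'
}

# check_metadata_secret AGENT_INI NOVA_CONF
# returns 0 ok, 1 missing, 2 mismatch, 3 placeholder, 4 too short (assumed policy)
check_metadata_secret() {
    a=$(ini_get "$1" DEFAULT metadata_proxy_shared_secret)
    n=$(ini_get "$2" neutron metadata_proxy_shared_secret)
    [ -n "$a" ] && [ -n "$n" ] || { echo "secret missing"; return 1; }
    [ "$a" = "$n" ] || { echo "agent and nova secrets differ"; return 2; }
    [ "$a" != "METADATA_SECRET" ] || { echo "placeholder left in place"; return 3; }
    [ "${#a}" -ge 32 ] || { echo "secret shorter than 32 characters"; return 4; }
    echo "ok"
}

# write_sample DIR SECRET -> constructed copies of the two files from step 14
write_sample() {
    printf '[DEFAULT]\nauth_region = regionOne\nmetadata_proxy_shared_secret = %s\n' "$2" > "$1/metadata_agent.ini"
    printf '[DEFAULT]\n[neutron]\nservice_metadata_proxy = True\nmetadata_proxy_shared_secret = %s\n' "$2" > "$1/nova.conf"
}

demo_dir=$(mktemp -d)
write_sample "$demo_dir" METADATA_SECRET          # values exactly as shown in step 14
check_metadata_secret "$demo_dir/metadata_agent.ini" "$demo_dir/nova.conf" || true
write_sample "$demo_dir" "$(gen_secret)"          # same random secret in both files
check_metadata_secret "$demo_dir/metadata_agent.ini" "$demo_dir/nova.conf"
rm -rf "$demo_dir"
```

On a real controller, point `check_metadata_secret` at `/etc/neutron/metadata_agent.ini` and `/etc/nova/nova.conf` after editing them.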
 

15. Restart the API service on the controller node

<span style="color:#333333"><span style="color:#ffffff !important"><code class="language-bash"><span style="color:slategray"># systemctl restart openstack-nova-api.service</span></code></span></span>
 

VII. Install and configure the dashboard

1. Install the dashboard and the packages it depends on

<span style="color:#333333"><span style="color:#ffffff !important"><code class="language-bash"><span style="color:slategray"># yum install openstack-dashboard httpd mod_wsgi memcached python-memcached</span></code></span></span>
 

2. Modify the dashboard configuration file

<span style="color:#333333"><span style="color:#ffffff !important"><code class="language-bash"># cp /etc/openstack-dashboard/local_settings /etc/openstack-dashboard/local_settings.bak
# vim /etc/openstack-dashboard/local_settings
OPENSTACK_HOST = "controller"
ALLOWED_HOSTS = ['*']
CACHES = {
	'default': {
		'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
		'LOCATION': '127.0.0.1:11211',
	}
}
TIME_ZONE = "TIME_ZONE"</code></span></span>
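
The settings above accept any `Host` header (`ALLOWED_HOSTS = ['*']`) and leave `TIME_ZONE` as a placeholder. The script below is an added example, not part of the original post: it audits a `local_settings` file for those two values and for a cache `LOCATION` that is not on loopback. The function names, the constructed sample files and the hardened values (`controller`, `Asia/Shanghai`) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): audit dashboard local_settings.

# audit_local_settings FILE -> prints one finding per line; returns 1 if any
audit_local_settings() {
    findings=0
    q="['\"]"   # matches either quote character
    if grep -Eq "^[[:space:]]*ALLOWED_HOSTS[[:space:]]*=.*$q\*$q" "$1"; then
        echo "ALLOWED_HOSTS accepts any Host header"
        findings=$((findings + 1))
    fi
    if grep -Eq "^[[:space:]]*TIME_ZONE[[:space:]]*=[[:space:]]*${q}TIME_ZONE$q" "$1"; then
        echo "TIME_ZONE still holds the template placeholder"
        findings=$((findings + 1))
    fi
    # memcached is unauthenticated by default, so the cache should stay local
    loc=$(sed -n "s/.*'LOCATION'[[:space:]]*:[[:space:]]*'\([^']*\)'.*/\1/p" "$1" | head -n 1)
    case "$loc" in
        ""|127.*|localhost:*|unix:*) ;;
        *) echo "cache LOCATION $loc is not loopback"
           findings=$((findings + 1)) ;;
    esac
    [ "$findings" -eq 0 ]
}

# write_settings FILE HOSTS ZONE CACHE -> constructed local_settings fragment
write_settings() {
    cat > "$1" <<EOF
OPENSTACK_HOST = "controller"
ALLOWED_HOSTS = ['$2']
CACHES = {
    'default': {
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
        'LOCATION': '$4',
    }
}
TIME_ZONE = "$3"
EOF
}

tmp=$(mktemp)
write_settings "$tmp" '*' TIME_ZONE 127.0.0.1:11211              # values as in step 2
audit_local_settings "$tmp" || echo "-> findings reported"
write_settings "$tmp" controller Asia/Shanghai 127.0.0.1:11211   # constructed hardened values
audit_local_settings "$tmp" && echo "-> no findings"
rm -f "$tmp"
```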
 

3. Allow the web server to connect to the OpenStack services

<span style="color:#333333"><span style="color:#ffffff !important"><code class="language-bash"><span style="color:slategray"># setsebool -P httpd_can_network_connect on</span></code></span></span>
 

4. Because of a packaging bug, the dashboard does not load its CSS correctly. Run the following command to fix this:

<span style="color:#333333"><span style="color:#ffffff !important"><code class="language-bash"><span style="color:slategray"># chown -R apache:apache /usr/share/openstack-dashboard/static</span></code></span></span>
 

5. Start the web server and the session storage service, and configure them to start at boot:

<span style="color:#333333"><span style="color:#ffffff !important"><code class="language-bash"># systemctl enable httpd.service memcached.service
# systemctl start httpd.service memcached.service</code></span></span>
 

VIII. Access test

1. Test access over HTTP:

 



That's all for today! I will add more later. Have a nice weekend, everyone.

 

 

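© Copyright belongs to the author: original work by 51CTO blog author 我不是九爷. If you repost it, credit the source; otherwise legal action will be pursued.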